A subnet is essentially every IP address that falls under the same first 3 numbers in the address. For example, if my laptop's IP is 10.0.0.2 and my printer's IP is 10.0.0.10, they are on the same 10.0.0.0/24 (ignore the /24 for now) subnet since '10.0.0' is shared in both IPs. If even 1 of the first 3 numbers is changed they would be on different subnets. E.g. if my laptop has the IP 10.0.0.2 and my printer has the IP 10.0.1.10, just that 1 number makes the whole difference and they are now on different subnets.
Devices can only access other IP addresses on their subnet, so normal homes will just have devices on 1 subnet and never have to worry about it.
I assume (hope) the 10.20.0.0 subnet you entered in the Server Field in the first screenshot is taken from the YouTube video I linked because that would make your life pretty easy. All you have to do is find what your TrueNAS IP is and enter that subnet into the push 'route blah blah' command I was talking about in the last post. For example, my TrueNAS machine has the IP 10.0.0.54. This means it's on the 10.0.0.0/24 subnet, so my Additional Parameters field (first screenshot) looks like this:
Code:
push "route 10.0.0.0 255.255.255.0"
And, hoping 10.20.0.0/24 isn't what your local network operates on, you should be good to go as far as that's concerned.
If (and only if) your TrueNAS machine operates on the 10.20.0.0/24 subnet, you have to choose a new VPN server subnet (something like 10.20.1.0/24) and switch that out for wherever 10.20.0.0/24 appears (including in NAT rule 4 you created from the YouTube video).
I'll include my own config if it helps; just make sure to take note of your local subnet and VPN server subnet and switch them out where applicable. For reference, my VPN Server is 10.254.0.0/24 and my local subnet is 10.0.0.0/24 (it's safe to post local subnets since you'd have to already be through a firewall and in the network to access them, just not public IP addresses).
For NAT rule 4 in init/shutdown scripts I have:
Code:
nft 'add rule nat postrouting iifname openvpn-server oifname enp4s0 ip saddr 10.254.0.0/24 masquerade'
View attachment 62345
And please don't be embarrassed by not knowing this stuff! I was in your shoes 2-3 months ago, except I was too stubborn and prideful to post on the forum and ask for help, so I only know this stuff through Google and a biblical amount of failure. I'm more than happy to assist you because I know how infuriating it is when going into setting it up blind, but I also know how great of a tool it is once configured.
As a side note, SHA1 is considered pretty weak regarding authentication algorithms. I have no reference of just how weak it is, but once you get a working setup I'd recommend going back and changing that just to be sure. I believe all you'd have to change is the 1 line in your client config that correlates.
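
The subnet bookkeeping described in the post above, as an added example that is not part of the original post: it derives the `push "route ..."` line from the TrueNAS address, checks the VPN server subnet against the local one, and moves it to the next free block if they collide before building the NAT rule. The function names are hypothetical, the interface names are copied from the poster's rule, the /24 default is an assumption, and it goes slightly beyond the post by accepting other prefix lengths.

```python
import ipaddress

# Interface names copied from the poster's NAT rule; yours will likely differ.
VPN_IFACE = "openvpn-server"
LAN_IFACE = "enp4s0"


def next_free_subnet(vpn, lan):
    """Step to the next same-sized block until it no longer overlaps the LAN."""
    while vpn.overlaps(lan):
        start = int(vpn.network_address) + vpn.num_addresses
        vpn = ipaddress.ip_network((start, vpn.prefixlen))
    return vpn


def plan_vpn(host_ip, vpn_subnet, lan_prefix=24):
    """Hypothetical helper: derive the push-route line and the NAT rule.

    host_ip    -- address of the TrueNAS machine on the local network
    vpn_subnet -- subnet from the OpenVPN Server field, e.g. "10.254.0.0/24"
    lan_prefix -- local prefix length (assumed /24, as in the post)
    """
    lan = ipaddress.ip_interface(f"{host_ip}/{lan_prefix}").network
    # Strict parsing rejects a value with host bits set, e.g. 10.254.0.5/24.
    wanted = ipaddress.ip_network(vpn_subnet)
    vpn = next_free_subnet(wanted, lan)
    return {
        "lan": str(lan),
        "vpn": str(vpn),
        "vpn_changed": vpn != wanted,
        "push": f'push "route {lan.network_address} {lan.netmask}"',
        "nat": (f"nft 'add rule nat postrouting iifname {VPN_IFACE} "
                f"oifname {LAN_IFACE} ip saddr {vpn} masquerade'"),
    }


if __name__ == "__main__":
    # Constructed inputs: the poster's addresses, then the colliding case.
    cases = [("10.0.0.54", "10.254.0.0/24"), ("10.20.0.7", "10.20.0.0/24")]
    for host, vpn in cases:
        plan = plan_vpn(host, vpn)
        if plan["vpn_changed"]:
            print(f"# {vpn} overlaps LAN {plan['lan']}; use {plan['vpn']}")
        print(plan["push"])
        print(plan["nat"])
```

If `vpn_changed` is true, the replacement subnet has to go into the Server field as well as the NAT rule.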